[Google Maps Places] - ADC - Impersonating Service Account failing #1915
Comments
|
Issue was opened with an invalid reproduction link. Please make sure the repository is a valid, publicly-accessible github repository, and make sure the url is complete (example: https://github.com/googleapis/google-cloud-node) |
|
Re-opening as the reproduction link is a public gist https://gist.github.com/shaunmitchellve/40cf10cd968ce19e29a50133d8fb3f3a You need to fix your GitHub actions as they are auto-closing issues that are correct and follow the template. |
|
Thanks for submitting this @shaunmitchellve and you're right about the template (I sent a fix here). Thanks for the patience, I know it's not ideal! I'm going to transfer this issue over to auth as it seems to be auth related - @d-goog would you mind taking a look? |
|
Issue was opened with an invalid reproduction link. Please make sure the repository is a valid, publicly-accessible github repository, and make sure the url is complete (example: https://github.com/googleapis/google-cloud-node) |
|
Issue was opened with an invalid reproduction link. Please make sure the repository is a valid, publicly-accessible github repository, and make sure the url is complete (example: https://github.com/googleapis/google-cloud-node) |
|
Issue was opened with an invalid reproduction link. Please make sure the repository is a valid, publicly-accessible github repository, and make sure the url is complete (example: https://github.com/googleapis/google-cloud-node) |
sofisl
added
needs more info
|
Hey @shaunmitchellve, do you have a few (redacted) logs to share? There are a few different code paths for impersonating and want to ensure yours is covered for debugging |
|
Hey @d-goog it seems like this is actually fixed by googleapis/google-cloud-node#5892 Seems like a fix in the generator, so I'll close this as a duplicate for now. |
Please make sure you have searched for information in the following guides.
A screenshot that you have tested with "Try this API".
LInk
https://gist.github.com/shaunmitchellve/40cf10cd968ce19e29a50133d8fb3f3a
A step-by-step description of how to reproduce the issue, based on the linked reproduction.
gcloud auth application-default login --impersonate-service-account <SA-EMAIL>node test.mjsThis returns the error
400 undefined: Getting metadata from plugin failed with error: INVALID_ARGUMENT: unable to impersonate: Request contains an invalid argument.When running code that utilizes the impersonation like Google Cloud SignedURLs for Storage Buckets it works fine.
application_default_credentials.json
{ "delegates": [], "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/[REDACTED]@[REDACTED].iam.gserviceaccount.com:generateAccessToken", "source_credentials": { "account": "", "client_id": "[REDACTED]", "client_secret": "[REDACTED]", "refresh_token": "[REDACTED]", "type": "authorized_user", "universe_domain": "googleapis.com" }, "type": "impersonated_service_account" }A clear and concise description of what the bug is, and what you expected to happen.
When running the Places Client using Application Default Credentials the simple / sample code runs fine, however when impersonating a service account the GAX code seems to be not setup properly.
A clear and concise description WHY you expect this behavior, i.e., was it a recent change, there is documentation that points to this behavior, etc. **
Impersonating a service account using ADC is a common practice and in some cases it's required for the application if it uses Google Cloud Storage Signed URLs.
The text was updated successfully, but these errors were encountered: